Bad coincidence: New worm virus plagues the Net

A week after terrorist attacks in New York and Washington, the Internet came under fire from a fast-spreading, mass-mailer worm that replicates itself several ways.

The CERT Coordination Center began receiving reports Sept. 18 of a massive increase in port 80 scanning. They were followed by reports of the Nimda ('admin' spelled backwards) worm, which arrived in e-mail messages with the attachment readme.exe.

Opening the e-mail triggered the worm, or it sometimes executed automatically by exploiting a vulnerability in Microsoft Outlook. It then sent itself to a recipient's mail list with a random subject line.

The worm also went after Microsoft Internet Information Server installations, defacing Web sites in the process. Visitors to such sites could get the worm on their systems.

Stephen Northcutt of the SANS Institute of Bethesda, Md., said the worm apparently is unconnected to terrorist attacks. 'If it had happened the morning of Sept. 11, we'd have had to come up with a different story,' he said.